08.28.2019

HIPAA Alert: The 10 Most Common HIPAA Violations

Ever wonder what the 10 most common HIPAA violations are in the health care industry? 

Snooping on health care records and lack of a risk management process top the list. 

Here is a listing of the top 10 HIPAA violations:

  1. Snooping on health care records: Accessing the health care records of family, friends, neighbors, coworkers and celebrities without a need to know or a signed authorization is one of the most common HIPAA violations committed by employees.
  2. Failure to perform an organizationwide risk analysis: If the risk analysis is not performed regularly, organizations will not be able to determine whether any vulnerabilities to the confidentiality, integrity and availability of Protected Health Information exist.
  3. Failure to manage security risks/lack of a risk management process: Risks that are identified during risk analysis must be subjected to a risk management process.
  4. Failure to enter into a HIPAA-Compliant Business Associate Agreement.
  5. Insufficient ePHI access controls: The HIPAA Security Rule requires covered entities and their business associates to limit access to ePHI to authorized individuals.
  6. Failure to use encryption or an equivalent measure to safeguard ePHI on portable devices.
  7. Exceeding the 60-day deadline for issuing breach notifications.
  8. Impermissible disclosures of protected health information: This violation category includes disclosing PHI to a patient’s employer, potential disclosures following the theft or loss of unencrypted laptop computers, careless handling of PHI, disclosing PHI without a need, not disclosing the “minimum necessary” and disclosures of PHI after patient authorizations have expired.
  9. Improper disposal of PHI.
  10. Denying patients access to health records.

If you have any questions about how Methodist handles HIPAA privacy, please contact HIPAA Privacy Officer Zorana Vojnovic at (402) 354-6863 or zorana.vojnovic@nmhs.org.